Your Data Matters
GDPR Compliance Data Protection Consultancy
A network of leading GDPR compliance and data protection specialists. We advise organisations on how to comply with Data Protection legislation and remain compliant in an ever-changing regulatory environment.
GDPR Advisor is a network of GDPR specialists offering data protection consultancy services, GDPR compliance and more. We help organisations of all sizes to understand and manage their data risks.
GDPR Advisor is a network of GDPR specialists that provides guidance and advice on data protection compliance obligations to organisations subject to the General Data Protection Regulation (GDPR), through its services: the GDPR Advisory Service and GDPR Implementation Services.
Our primary goal is to assist businesses in complying with their data protection obligations under the EU General Data Protection Regulation (GDPR). We assist organisations by providing guidance on how to fulfil their responsibilities and by implementing those practices within the organisation. Our GDPR compliance consultancy also helps individuals who live outside Europe but are subject to the legislation, by explaining what it means for them and suggesting solutions.
We help you deal with the most common challenges GDPR compliance presents.
Our GDPR compliance consultancy offers a range of services to help you meet your obligations under the new regulations, including advice and guidance on how to process personal data in compliance with the law, training for staff and management, implementation of appropriate safeguards such as pseudonymisation and encryption, and compliance audits and legal reviews in the UK.
A comprehensive approach to data protection compliance by offering solutions tailored specifically to each client's needs
Our general consultancy services help you comply with the GDPR regulation and stay on top of all the new guidelines for your company.
We provide our clients with a single point of contact for all GDPR-related services including data protection officer as a service.
We offer a GDPR gap analysis to help you identify actionable steps needed to close those gaps in your data protection.
Data mapping will help you map all your data and identify the personal data that requires protection under GDPR.
GDPR encryption is a powerful privacy and security solution that protects sensitive documents and files from unauthorised access.
A GDPR audit is a comprehensive review of your data privacy practices that protects your company from potential fines or penalties.
Frequently Asked Questions
GDPR is short for General Data Protection Regulation. The GDPR is a piece of legislation made by the European Union (EU) that came into force on May 25th, 2018. GDPR changes how organisations must handle the data of EU citizens and requires organisations to have GDPR compliant practices in place.
GDPR is a framework for how EU personal data may be collected and processed, including its storage and transfer between servers located in various European countries. GDPR not only applies to EU companies but overseas organisations with ties to the EU as well – namely those who offer goods or services to EU citizens, or monitor the behaviour of such citizens.
The GDPR requires that companies protect the personal data and privacy of EU citizens by designating a Data Protection Officer (DPO) who is responsible for GDPR compliance.
Companies must also provide clear information about how they collect, store and use EU citizen data; obtain explicit consent from users prior to collection; employ methods of security that show GDPR compliance through encryption, firewalls and anonymisation; be able to restore any lost or stolen data within 72 hours; disclose breaches within 72 hours of discovery; demonstrate compliance with GDPR audit requests on demand.
The General Data Protection Regulation (GDPR) provides several important rights to individuals, also known as data subjects, in relation to their personal data. These rights are designed to give individuals more control over their personal data and how it is processed. The key rights of individuals under GDPR include:
Right to access: Data subjects have the right to access their personal data and receive information about how their personal data is being processed.
Right to rectification: Data subjects have the right to request the correction of inaccurate personal data.
Right to erasure (“right to be forgotten”): Data subjects have the right to request the deletion of their personal data in certain circumstances, such as when it is no longer necessary for the purpose for which it was collected.
Right to restrict processing: Data subjects have the right to request that their personal data not be processed in certain circumstances, such as when they contest the accuracy of the data.
Right to data portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to object: Data subjects have the right to object to the processing of their personal data for certain purposes, such as direct marketing.
Right not to be subject to automated decision-making: Data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them.
It is important for organizations that process personal data to be aware of these rights and to have processes in place to respond to requests from data subjects in a timely manner. Failure to comply with the rights of data subjects under GDPR can result in significant fines and other penalties.
The GDPR only applies to personal data, which is any piece of information that relates to an identifiable person. Controllers and processors of such information must comply with the GDPR. The GDPR defines controller and processor as a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of processing personal data.
The GDPR applies to all companies that control user data regardless of where in the world it is held. GDPR laws apply to organisations around the globe who offer services to EU citizens; process personal information of EU clients; use cookie identifiers; engage third party proxies such as Facebook plug-ins, YouTube video players etc., whether they are established in Europe or not.
The General Data Protection Regulation (GDPR) covers a wide range of personal data. According to GDPR, personal data is any information that relates to an identified or identifiable natural person. This includes, but is not limited to, the following types of information:
- Names and addresses
- Email addresses and phone numbers
- IP addresses and cookies
- Bank and financial information
- Health and medical data
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Sexual orientation
- Trade union membership
In addition to covering traditional types of personal data, GDPR also covers biometric data, such as fingerprints and facial recognition, and genetic data. Under GDPR, personal data can take many forms, including text, images, audio, and video, as well as information stored in databases or processed by software applications.
It is important to note that GDPR applies to both personal data that is actively collected and personal data that is derived from other sources, such as public records or publicly available information. Organisations that process personal data are required to comply with GDPR’s requirements, regardless of the source of the data.
It is necessary to have a GDPR compliance strategy in place to control your GDPR risks:
Firstly, you should audit your systems in order to identify and document all personal data that you hold, where it came from, what the storage requirements are and how it is used.
Next, you need to prioritise your GDPR risks and assess how GDPR laws apply to your organisation. Are you GDPR compliant in terms of what personal information you hold? Do you process personal data under GDPR laws yourself, or is it being processed by a third party on your behalf?
At this point it is necessary to consider the risk profile: If the data is highly sensitive then GDPR compliance becomes vital as a matter of corporate reputation. If there are large numbers of records involved then GDPR can be quite costly in terms of time and money.
When these have been addressed, a GDPR solution should be put together that helps you achieve GDPR compliance with minimum financial impact on the business while maintaining regulatory compliance standards.
Under the General Data Protection Regulation (GDPR), multiple parties can be responsible for ensuring compliance. The specific responsibilities for GDPR compliance depend on the role of each party in processing personal data.
Data controllers: Data controllers are the entities that determine the purposes and means of processing personal data. They are responsible for ensuring that the processing of personal data is lawful, transparent, and in line with the rights of data subjects.
Data processors: Data processors are entities that process personal data on behalf of data controllers. They are responsible for implementing appropriate technical and organisational measures to secure personal data and for complying with instructions from the data controller.
Joint controllers: In some cases, two or more entities may jointly determine the purposes and means of processing personal data. In these cases, they are considered joint controllers and are each responsible for complying with their obligations under GDPR.
Data subjects: Data subjects are the individuals whose personal data is being processed. They have specific rights under GDPR, such as the right to access their personal data, the right to request correction of inaccurate personal data, and the right to request deletion of personal data.
It is important for all parties involved in the processing of personal data to understand their responsibilities under GDPR. Failure to comply with GDPR can result in significant fines and other penalties.
Non-compliance with the General Data Protection Regulation (GDPR) can result in significant consequences for organisations. The penalties for non-compliance are designed to be proportionate to the severity of the violation and can include:
Administrative fines: GDPR provides for administrative fines of up to €20 million, or 4% of the total worldwide annual revenue of the preceding financial year, whichever is higher, for violations of certain provisions of the regulation.
Criminal sanctions: GDPR provides for criminal sanctions for certain violations, such as the unauthorised processing of personal data or the failure to comply with an order from a data protection authority.
Reputational harm: Non-compliance with GDPR can result in negative publicity and reputational harm, which can impact an organisation’s ability to attract and retain customers, employees, and partners.
Loss of trust: Failure to comply with GDPR can result in a loss of trust from customers and other stakeholders, who may be less likely to engage with the organisation and more likely to seek out alternatives.
Legal action: Data subjects can bring legal action against organisations for violations of their rights under GDPR, including the right to access their personal data, the right to request correction of inaccurate personal data, and the right to request deletion of personal data.
It is important for organisations to take GDPR compliance seriously and to implement appropriate technical and organisational measures to protect personal data and comply with the regulation’s requirements. Organisations that fail to comply with GDPR can face significant consequences, including significant fines and other penalties, negative publicity, and loss of trust from customers and other stakeholders.
Under GDPR there are three main levels of breach that can occur:
1. GDPR infringement – There are two tiers of GDPR infringement: in tier one the fine is up to 20 million Euros or 2% of global turnover, whichever is higher. Alternatively, if you have acted with negligence, GDPR fines can be up to 10 million Euros or 2% of global turnover, whichever is higher.
2. GDPR data subject complaint – If a complaint has been made by an individual (data subject) as a result of GDPR non-compliance and this cannot be resolved amicably, then the ICO could investigate the matter further. This investigation would include looking at what measures you had taken to comply with GDPR and what conclusions the ICO could come to. GDPR fines under this point are capped at 4% of global turnover (profits) or 20 million Euros, whichever is higher – so it makes sense for companies to take GDPR compliance seriously.
3. GDPR data incident report – If you have experienced a breach which is likely to result in a high risk to the rights and freedoms of an individual, then GDPR requires that you report this breach to the ICO within 72 hours of becoming aware of it. GDPR fines are tiered according to severity and for most breaches will be up to 2% of global turnover or up to 10 million Euros, whichever is higher. In some extreme cases, however, GDPR fines can be as much as 4% of global turnover or 20 million Euros.
Want to learn more about GDPR?
If you are a business owner or marketer looking to learn more about the new GDPR regulations, we have a few resources that can get you started. Contact us today and one of our experts will be happy to speak with you in person or via phone call regarding how this legislation may affect your marketing strategy moving forward.